CVE-2024-34003

MEDIUM severity · CVSS 5.9 · Information disclosure

5.9CVSS MEDIUM

Summary

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredHigh

User interactionRequired

Confidentiality impactLow

Integrity impactLow

Availability impactLow

Exploit probability (EPSS)0%

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Affected products we track (1)

Moodle

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
https://moodle.org/mod/forum/discuss.php?d=458391Advisory
https://moodle.org/mod/forum/discuss.php?d=458391Advisory